This privacy policy was last updated on 1 April 2022.

Privacy Policy regarding Zaver’s services - convenience translation.

1. General.

This document (hereinafter the “Privacy Policy”) uses definitions as set out in the general terms and conditions (Terms of Use) for the digital services provided by Frink AB (sometimes referred to as “Zaver”, “we” or “the company”). Zaver is the data controller in accordance with the EU Data Protection Regulation (the “GDPR”). You can find contact information to Zaver in section 10. 

This privacy policy describes how Zaver, as a personal data controller, collects, saves, processes, shares and transfers your personal data when you visit Zaver’s website or use Zaver’s services.

This privacy policy is a part of what applies between you as a customer or registered user and Zaver in matters concerning the protection and processing of your personal data.

It is important to us that you feel safe when you pay with Zaver or use any of Zaver’s other services. Therefore, we are providing information about how we use your personal data in this privacy policy. We recommend that you read this document carefully before using our services and contact us if you have any questions.

2. Your data protection rights.


The right to access.

You have the right to request Zaver for copies of your personal data. You may then validate the information we have on you. It is free to request such a copy.

 

The right to rectification.

You have the right to request that Zaver correct any information you believe is inaccurate. You also have the right to request Zaver to complete information that you believe is incomplete.

 

The right to data portability.

You have the right to request that Zaver transfer the data that we have collected to another organization, or directly to you, under certain conditions.

 

The right to erasure.

You have the right to request that Zaver erase your personal data. This applies to information that is no longer necessary to process for the purpose(s) for which it was originally collected, or if you revoke your consent. It is however important to know that the right to have your information erased is not absolute. Zaver is obligated by law to retain certain information. These obligations prevent us from immediately erasing certain information. 

 

The right to oppose the processing of your personal data or to object to our processing.

You may object to our processing of your personal data based on our legitimate interest (Article 6(1)(f) GDPR. However, we may still process your personal data if there is compelling legitimate interest that outweighs your right to not have your personal data processed .

 

The right to withdraw your consent.

In the cases where Zaver processes your personal data based on your consent, you have the right to revoke your consent  at any time. This means that we will stop the processing, but it does not affect the processing that we have already performed. 

 

The right to restrict processing.

You have the right to request that Zaver restrict the processing of your personal data ,under certain conditions. If you believe that the data is inaccurate, that our processing is unlawful or that we do not need the information for a specific purpose, you may request that we restrict the processing of your personal data. You may also request a restriction while you are waiting for our assessment to see if our interest in processing your data outweighs your right not to have this data processed.

The right to object to an automated decision that significantly affects you.

You have the right to object to an automated decision made by Zaver if this decision entails legal consequences or constitutes a decision that affects you significantly in a similar way. If you object against an automated decision, the decision will be reviewed by a person to ensure that it is correct, taking into account any additional information that you give us.

The right to refuse processing for direct marketing purposes .

You have the right to object to the processing of your personal data for direct marketing purposes. Write to Zaver in the app or by email to info@zaver.se and we will help you with your request. 

3. What kind of personal data we collect and where it comes from

Contact and identity data Name, date of birth, social security number, registered address, mobile phone number and your email address. 

A user account is created the first time you identify yourself with BankID against one of Zaver’s services, to which certain personal data is linked. The information is collected from you and, to verify  the information, from third parties such as SPAR (Statens personadressregister). 

Information about your financial standingInformation about, for example, your income, any credits, paid taxes, negative payment history and previous credit approvals. 

When applying for credit, Zaver may collect information about your finances for the calculation of your creditworthiness. The information is collected from credit information bureaus and you.

This process involves profiling and constitutes an automated decision, go to section 3 for further information.

Transaction history and och information about your use of Zaver’s servicesInformation about outstanding debt, historical debt and repayment history. Which service(s) you have used and how you have used them.

This information comes from us (source). The information is processed by us continuously monitoring and reviewing transactions in order to prevent Zaver from being used for money laundering, terrorist financing, fraud and other criminal activities. We also carry out risk assessments and create monitoring and risk models for this purpose.

This process involves profiling and constitutes an automated decision, go to section 3 for further information. 

Information about the purpose and nature of the transactionInformation about, for example, what type of item or service you have purchased

When you use Zaver’s services to send a payment request (to receive payment) or accept a payment request(to pay), we ask for information about the transaction in question. The information is collected from the merchant or from you who uses Zaver’s service.

Payment informationClearing and serial number for bank accounts, bank account number, the relevant bank’s name

This information is collected in order to make a payment. Zaver collects the information from you or from a counterpart in a transaction. 

Information about electronic identification and electronic signatures In addition to name and social security number, for example BankID-serial numbers. 

The information is collected from Finansiell ID-Teknik AB (BankID) so that we can identify you.

Technical information about your use of Zaver’s services and device information Technical data generated through your use of Zaver’s services such as whether or not sms and emails have reached you, response time for web pages, any errors that have occurred and the date and time when you used Zaver’s services. Device information includes information about your phone or computer such as IP address, language settings, browser settings, time zone, geographical position, operating system, platform, screen resolution, how fast the connection you use is and other similar information.

When you use Zaver’s services, technical user data and device information is collected from your device and from us. This process may involve profiling, go to section 4 for further information. 

Information about your contacts with Zaver’s customer service Chat conversations, email correspondence and recorded phone calls.

This information is collected when you contact our customer service. The main purpose of this processing is to enable us to manage our customer relationship with you. 

Information concerning PEP-status and sanctionsLists of persons constituting politically exposed persons (“PEP”) and sanction lists include information such as name, date of birth, social security number, place of birth, occupation or position, and the reason why the person is on the list in question.

Zaver collects information from you and from third parties to investigate whether you have a politically exposed position or are related to such a person (PEP/RCA-status). Furthermore, reconciliation with sanction lists is done. In connection with the first time you identify yourself with any of Zaver’s services, you undertake to also provide information on your own regarding possible PEP/RCA-status. When you provide information that indicates PEP/RCA-status, Zaver will probably gather more information in the case.

This process involves profiling and constitutes an automated decision, go to section 3 for further information.

Sensitive personal data and criminal offensesSensitive data is data that reveals political views, religious beliefs, health or information about criminal offenses

Sensitive personal data and data about criminal offenses can appear in PEP- and sanction lists, the information is then processed when necessary for e.g. determine your PEP/RCA status or your risk profile. In cases where sensitive personal data and criminal offenses are processed, the basis for our processing is that it is necessary out of consideration for a public interest or that you have given your explicit consent. 

Additional information

Zaver may collect information about you from other sources, including but not limited to, publicly available information on the internet, insofar that it is relevant to, for example, confirm an assessment of your transactions. If Zaver makes the assessment that Zaver has not received sufficient information from you, Zaver may ask you to submit additional information to Zaver by post, Zaver’s electronic message system, a specified email address or other channel communicated by Zaver. The processing of this information is based on Zaver’s legal obligation to prevent money laundering and terrorist financing or Zaver’s legtimate interest to prevent Zaver's services from being used for fraud or other criminal acts.


Categories of personal data processed.
Purpose of the processing.
Legal basis
Profiling and automated decision-making.
  • Contact and identification data.
  • Information about electronic identification and electronic signatures.
To check your identity and verify your information.
  • Legal obligation to establish your identity.
  • Fulfill Zaver’s agreement with you.
Yes
  • Information about your financial standing.
  • Transaction history and information about your use of Zaver’s services.
To assess any applications for credit.
  • To enter and fulfill Zaver’s agreement with you.
  • Legal obligation (Swedish Consumer Credit Act).
Yes
All categories of data may be processed for this purpose, but the categories that we primarily process are:
  • Transaction history and information about your use of Zaver’s services.
  • Information regarding PEP and sanctions.
  • Contact and identification data.
  • Information indicating the purpose and nature of the transaction.
  • Sensitive personal data and criminal offenses.
To prevent Zaver's services from being used for money laundering, terrirorist financing, fraud or other criminal acts.

Zaver is also monitoring transactions, conducts risk assessments and creates risk models to prevent that Zaver services are used in connection with money laundering and terrorist financing.
  • Legitimate interest.
  • Legal obligation (applicable law relating to anti-money laundering and terrorist financing).
  • As regards sensitive personal data, the condition is that the processing is necessary in the public interest.
Yes
  • Payment information.
  • Information indicating the purpose and nature of the transaction.
To be able to complete a transaction.
Fulfill Zaver’s agreement with you.
No
  • Contact and identification data.
  • Information about your use of Zaver’s services.
  • Technical information about your use of Zaver’s services and device information.
To maintain a high level of security and safety (eg network and information security) for us and our users.
Legitimate interest.
No
All categories of data may be processed for this purpose, but the categories that we primarily process are:
  • Information about your financial standing.
  • Transaction history.
  • Information indicating the purpose and nature.
  • Information about your use of Zaver’s services.
  • Technical information about your use of Zaver’s services and device information.
To conduct product development, product testing and data analysis (e g to improve our risk and credit models).
Legitimate interest.
Yes, in some cases
All categories of data may be processed. We may also collect additional information for this purpose.
To protect Zaver from legal claims and safeguard Zaver’s legal rights, for example, to handle complaints and claims, or in legal proceedings to ensure that Zaver’s services are not used in violation of applicable conditions.
Legitimate interest.
No
  • Contact and identity data.
  • Information about your use of Zaver’s services.
  • Technical information about your use of Zaver’s services and device information.
To market products and services to you.
Legitimate interest.
Yes
    All categories of data may be processed.
    To collect and sell overdue debts. We may also transfer personal data to debt collection agencies for this purpose, see section 5.
    Legitimate interest.
    Yes, in some cases
    • Contact and identity data.
    • Information about your use of Zaver’s services.
    • Information about your use of Zaver’s services and device information.
    To manage our agreement with you, for example creating and sending information to you in electronic format such as invoices and reminders.
    Fulfill Zaver’s agreement with you. If sensitive personal data is processed, our processing of such data is based on your consent. 
    No
    • Contact and identity data.
    • Payment information
    • Information indicating the purpose and nature of the transaction.
    • Information about your use of Zaver’s services.
    For our bookkeeping and accounting in accordance with accounting laws and perform calculations and fulfill reporting requirements in accordance with rules for payment institutions.
    To comply with law (the Swedish Accounting Act (1999:1078) and applicable law for payment institutions.
    No

    4. Automated decisions and profiling.

    Profiling means an automated processing of personal data to evaluate certain personal matters, for example, your financial situation, personal preference, behaviors or your place of residence.

    Profiling is used by Zaver for, including but not limited to, market and customer analyses, system development, marketing, in automated decisions and in monitoring transactions to counter money laundering, financing of terrorism and other criminal acts. The basis for profiling are Zaver’s legitimate interest, legal obligations, fulfillment of an agreement or consent. In cases where consent is the legal basis for the processing, the customer is asked to give consent to such processing.

    In most cases, Zaver and Zaver’s partners, credit decisions are based solely on automated processing that includes profiling. These automated credit decisions are based on the information you provide, information from external sources such as credit bureaus and our internal information. In addition to information about you, Zaver’s and Zaver’s partners credit models include a large number of other factors such as our internal credit risk levels and Zaver’s customers general repayment rates, based on, for example, product category.

    Zaver also make extensive use of automated decision-making when deciding whether there is a risk of money laundering, terrorist financing or any other criminal act. The automated decisions are based on the information you have provided, information from external sources such as agencies that provide PEP and sanction lists, credit information bureaus and our internal information. In addition to information about you, our automated decisions are based on the risk assessment we have made of Zaver’s business. 

    If you are not approved in regards to the automated decision making you will not have access to our services, such as our payment method. Zaver has several security mechanisms to check that the decisions are correct, which includes ongoing overviews of our decision models, and random spot-checks in individual cases. You may contact Zaver if you disapprove of the outcome of the automated decision, and we will review your case.


    5. Storage, who we share your personal data with and where the information is transferred.

    Your personal data is stored and processed in electronic data management systems administered by Zaver. Zaver always strives to process your personal data within the EU/EEA. When we share your personal data, we ensure that the recipient processes it in accordance with this policy, e.g. by entering into data transfer agreements or data processor agreements with the recipients.

    Zaver may transfer your personal data to recipients which are located in countries outside the EU/EEA which do not have the same level of protection for personal data as the EU/EEA. Countries outside of the EU/EEA may have laws that allow public authorities to request access to personal data stored in the country for the purpose of combating crime or safeguarding national security. To ensure that your personal data is secure in such cases, Zaver and the recipient have entered into the European Commission’s standard clauses and/or Zaver has ensured that other appropriate protection measures are in place. Your rights in respect to your personal data (set out in section 2), are not affected when data is transferred outside of the EU/EEA. If you want more information about our safety measures you can always contact us.

    Suppliers and subcontractors – Zaver uses suppliers and subcontractors for services that we are unable to provide, such as identification services and data storage providers, for example Finansiell ID-Teknik AB (BankID). We ensure that the suppliers and subcontractors process the data in accordance with this policy. Zaver has a legitimate interest in being able to access these services and functionality (Article 6(1)(f) GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose  

    Authorities – Zaver may provide necessary information to authorities such as the police,  financial authorities (Finansinspektionen), tax authorities (Skatteverket) or other authorities  and courts of law. Personal data is shared with the authority when we are required by law to do so, or in some cases if you have asked us to do so, or if required to manage tax deductions or counter crime. Depending on the authority and purpose, the legal bases are the obligation to comply with the law (Article 6(1)(c) GDPR), to fulfill the agreement with you (Article 6(1)(b) GDPR), or Zaver’s legitimate interest in protecting itself from crime (Article 6(1)(f) GDPR).


    Third parties in a transaction when you use Zaver’s services, for example, merchants and other users – Information such as your name, phone number, bank account number, and time of signing a credit agreement and/or the content of a payment request may be shared with third parties who are involved in the processing of the transaction. This includes other users that you send or receive money from. The legal basis for sharing your information with merchant’s is partly to fulfill an agreement (Article 6(1)(b) GDPR), insofar as the sharing takes place to fulfill the agreement between you and the merchant, and partly based on Zaver’s legitimate interest (Article 6(1)(f) GDPR). We ensure that the processing is necessary to pursue that interest, and that our interest outweighs your right not to have your data processed for this purpose.

    Banks, payment service providers, financial institutions and account information service providers – Banks, payment service providers, financial institutions and account information service providers, including Bankgirocentralen BGC AB (Bankgirot) provide services to Zaver to implement and administer electronic payments through a variety of payment methods, such as Swish (if you use swish we will share your details with Swedbank (publ)), direct debit and invoice. Zaver shares information with these companies to enable the transaction that you have initiated and it is done to fulfill the agreement with you (Article 6(1)(b) GDPR). If you do not have an agreement with Zaver but, for example, is only the recipient of a payment, the sharing is based on Zaver’s legitimate interest (Article 6(1)(f) GDPR). 

    Companies that provide PEP/Sanction lists – We share your personal data with companies that provide PEP/sanction lists to control whether or not you are a politically exposed person or a relative or close associate to such a person (PEP/RCA status). Furthermore these companies check if you are on a sanction list. Zaver shares your information to fulfill legal obligations (Article 6(1)(f) GDPR), as the companies that provide PEP/sanction lists have information that Zaver needs to comply with sanctions and achieve customer knowledge in accordance with applicable laws relating to anti-money laundering and terrorist financing. 

    Authorities or companies that provide identity information - When you use our services, your identity and contact information is checked, this is done in Sweden by sending the information to the Swedish Personal Address Register, SPAR. SPAR processes information in accordance with law, more information can be found  here: https://www.statenspersonadressregister.se/master/start/dina-personuppgifter/.  

     

    Credit information bureaus – If you apply to use a service from Zaver that involves credit being provided to you, we will share your personal data with credit information bureaus. Sharing does not take place in the event of small amounts or where we already have sufficient information. Your personal information is shared with credit information bureaus in order to assess your creditworthiness in connection with your credit application, to confirm your identity and your contact information, and to protect you and other customers from fraud. The credit information bureau will inform you that Zaver has requested a credit report. Zaver shares your information based on Zaver’s legitimate interest (Article 6(1)(f) GDPR), as the credit information bureaus have information about your financial standing which is important for Zaver to use as input to ensure a correct credit assessment. The credit bureau processes your personal data in accordance with its own privacy notice:

    Bisnode Kredit AB
    Rosenborgsgatan 4-6

    169 93 Solna

    https://www.bisnode.se/dataskydd/personuppgifter/behandlingar-i-sverige/personuppgifter-kreditupplysningsverksamheten/  

     

    UC AB

    117 88 Stockholm

    https://www.uc.se/upplysningskopian/ 

    Debt collection companies– Zaver may share your information when we sell or outsource collection of unpaid overdue debts through a third party, such as a debt collection company. This data is shared based on our legitimate interest in collecting or selling debt (Article 6(1)(f) GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right to not have your information processed for this purpose.

    Social media companies - If you contact us via social media such as Facebook,  Twitter or Instagram, your personal data will also be collected and processed by these companies, in accordance with their privacy notices. Sharing is performed to fulfill the agreement with you (Article 6(1)(b) GDPR).

     

    A person who holds a power of attorney for you – Zaver may share your personal information with a person who has the right to access it under a power of attorney. This processing is carried out to facilitate your contact with us (through agents), and takes place based on your consent (Article 6(1)(a) GDPR). 


    6. Retention.

    We will not hold your personal data for longer than is necessary. We retain your personal data for as long as we need it for the purposes described in this policy, or to comply with our obligations under applicable law. Personal data that we are under a legal obligation to retain, for example under anti-money laundering laws or bookkeeping laws, is generally retained for 5 and 7 years respectively. Personal data used for the contractual relationship between you and us is generally stored for the duration of the contractual relationship and thereafter for a maximum of 10 years based on statutes of limitations.


    7. How we use cookies and other tracking technology.

    Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, use our app, use our service or visit a third party’s website Zaver and our partners may collect information from you automatically through cookies or similar technology.

    We use cookies in a range of ways to improve your experience, including but not limited to:

    • Keeping you signed in
    • Fill out forms
    • Customizing your experience
    • Ensure the safety and stability of our services
    • Monitor the use and performance of our services
    • Advertising purposes 

    Some aspects and functions of our services are only available through the use of cookies. If you choose to disable or reject the use of cookies, the available services may be limited or you may not be able to use the services at all. You can read more about cookies in our cookie policy.

    8. Complaints.

    We work hard to make sure you feel safe regarding Zaver’s processing of your personal data. If you have any complaints in connection with our processing of your personal data you can contact us. You can also lodge a complaint with the Swedish Authority for Privacy Protection.


    9. Contact information.

    Frink AB is registered with the Swedish Companies Registration Office under company number 559059-8420. You may contact us by phone at +46 8 551 062 60, by email to info@zaver.se or by message through Zaver’s app. Zaver has a data protection officer and an internal team that handles data protection issues. You can reach them by email to dpo@zaver.se


    10. Information about the processing of personal data for the merchant’s and their representatives/beneficial owner(s).

    If you are a merchant with whom Zaver has an agreement with, Zaver may process personal data such as information about the merchant’s representatives, information about representatives for direct and indirect owners of the merchant and information about the merchant’s beneficial owner. Zaver processes personal data in order to fulfill and maintain the agreement with the merchant, for the purpose of fulfilling a legal obligation or based on a legitimate interest.

    The categories of personal data that we process are primarily contact and identity data, PEP-status and sanction lists, information about electronic identification and electronic signatures, information about your contacts with Zaver’s customer service and in some cases information about your financial standing. For example, Zaver identifies beneficial owners and representatives and verifies the information against external sources. Zaver also checks PEP and sanction lists. Zaver may process additional information about representatives and beneficial owners if it is necessary for us to achieve sufficient customer knowledge in accordance with applicable laws concerning money laundering and terrorist financing.

    Personal data may be used for, amongst other things, statistical analysis, business reports and in fraud investigations. The processing is then based on a legitimate interest. Zaver may use the merchant’s and the representative’s contact information to send newsletters, conduct product surveys, market similar products and services from Zaver or Zaver’s partners and event invitations. Such marketing is based on a legitimate interest. The recipient of marketing may waive additional marketing communications by contacting Zaver.

    The personal data may be transferred to the third parties specified in this privacy policy. The rights that apply to customers' personal data processing in this policy also apply to personal data that is processed about representatives and beneficial owners of affiliated merchants.